| ▲ | drdexebtjl 7 hours ago |
| I had similar problems with GNU Stow, but switched to Nix and Home Manager instead. I think Chezmoi's templates and file naming conventions don't click for me, but it's nice to see a good variety in this problem space. |
|
| ▲ | bkummel 7 hours ago | parent | next [-] |
| I didn't even know that managing dotfiles was a "problem space". |
| |
| ▲ | kstrauser 5 hours ago | parent | next [-] | | It's dead simple to manage files in git or such. What Chezmoi adds over that are niceties like: * Permission management, so that ssh wouldn't refuse to log you in because ~/.ssh/authorized_keys is 0755 instead of 0644. * Templating, because ~/.ssh/config has slightly different options on Mac and Linux, so you can't use the exact same file contents as-is on both systems. I can run `chezmoi apply` and get all the files in the right places and they're all setup just right. Like so many others, I'd previously built my own ad-hoc system to handle these things, and it ended up looking like a crappy, half-baked version of Chezmoi. When it came up on my radar I immediately ported my own system over to it and never looked back. | |
| ▲ | awesome_dude 7 hours ago | parent | prev [-] | | Even just as a user of nix there has been this problem of how to manage dotfiles - people have git repositories for them but they are copies, because the actual dotfile in use is never tracked For a System administrator the problem is many orders of magnitude worse |
|
|
| ▲ | tfrancisl 6 hours ago | parent | prev | next [-] |
| If you like home manager but also like to understand how your "home"/user programs are configured, take a look at hjem! |
| |
| ▲ | drdexebtjl 5 hours ago | parent [-] | | Last time I looked, it only worked with NixOS. I don't understand what makes it more understandable than Home Manager, though. If you look at the source of a Home Manager `programs.foo` module, it should look mostly like this: home.packages = [ cfg.package ];
xdg.configFile."foo/config.yaml".source = yamlFormat.generate "config.yaml" cfg.settings;
Which is pretty much exactly the same syntax you get with Hjem, but with more optional features. So you could just write that instead whenever you want full control :) | | |
| ▲ | tfrancisl 5 hours ago | parent [-] | | It works on darwin and any linux just fine. Theyre even working on a "standalone" like HMs, if you really want to decouple your user programs from your system. With some programs it is as simple as you show, but with others there are options around the config and other nix module nasties that I avoid if I can. hjem-rum is a sister project to hjem that provides some similar modules. | | |
| ▲ | drdexebtjl 4 hours ago | parent [-] | | I'll take a look again once it's a bit more mature. I need a standalone, single-user, rootless mode for it to work on all my systems. Thanks for the recommendation. |
|
|
|
|
| ▲ | colordrops 7 hours ago | parent | prev | next [-] |
| People shy from Nix because of supposed complexity but it really is the only real solution to this sort of problem. It's not really that much more difficult to learn, and in fact if you are willing, AI works really well generating nix config. |
| |
| ▲ | drdexebtjl 6 hours ago | parent | next [-] | | It took me a single afternoon to learn the basics and start using it. Contrary to what I initially thought, I didn't have to migrate all of my dotfiles at once. Then over the next couple of days, Codex migrated everything else for me. One major benefit for me is that I no longer need to have once-in-a-while tools installed, because I can always spin up a temporary shell with `nix-shell -p packageName`. This significantly decreased the amount of software I have in my environment. This works great with agentic coding. Agent wants to run `ripgrep`, but you don't have it? Tell it to run `nix run nixpkgs#ripgrep` instead. But the biggest benefit is that now that you know Nix! So you can start using it to create reproducible development environments and uninstall mise, asdf, nvm, pyenv, etc. You can spin up reproducible servers running NixOS and never touch Ansible again. You can even install it in your router. Or you can do none of that and continue just using it for your dotfiles. It plays nice with other tools. | |
| ▲ | QwenGlazer9000 6 hours ago | parent | prev | next [-] | | It's not complexity its questionable documentation. Picking up Nix is really hard yet the best we got is a mishmash of unofficial recourses and many of them are out of date and/or focus on the packaging side which is terrible for introduction. | | |
| ▲ | linsomniac 6 hours ago | parent [-] | | I spent a year dabbling in NixOS, getting a few "toy" setups. About 6 weeks ago I installed NixOS on a spare laptop and did 100% of the configuration through Claude Codex. Initially I copied "/etc/nixos" off to my existing workstation, until Claude Code bootstrapped it enough to run on the NixOS machine. I've been running it as my primary workstation for the last 3-4 weeks, and it's been great! 100% configured by Claude Code or Codex CLI. Configuring a machine via Nix lang is not that fun. Configuring a machine via English is. And I've thrown some curveballs at this setup. I asked it for gitbutler-cli, which NixOS doesn't/didn't provide, and it was able to package up and build it. It's running Sway. I have my secrets and configs in SOPS+Home Manager. |
| |
| ▲ | chungy 7 hours ago | parent | prev | next [-] | | Guix solves the same problem in similar ways, though it uses Scheme as its configuration language. | | |
| ▲ | drdexebtjl 7 hours ago | parent [-] | | Sadly it doesn't work on macOS, unlike Nix. | | |
| ▲ | pkulak 7 hours ago | parent [-] | | Or hardware. | | |
| ▲ | sham1 6 hours ago | parent [-] | | It absolutely works with hardware. And it's not that difficult to add channels for extra software like a tainted Linux kernel. And in return one gets a saner programming language than the Nix language. |
|
|
| |
| ▲ | jdxcode 6 hours ago | parent | prev | next [-] | | how nix-pilled do you have to be to think that nix is the "only real solution" to dotfile managers? | | |
| ▲ | tfrancisl 6 hours ago | parent | next [-] | | Its the only complete, reproducible, and portable solution, in my opinion. I like mise, but at the end of the day some programs are more complex than just pulling a precompiled, dynamically linked binary and hoping it works. | | |
| ▲ | jdxcode 6 hours ago | parent [-] | | I am genuinely confused. Are you saying dotfile managers need to be more complex? Or that nix's problem space is the only solution for the things in nix's domain? (of which dotfiles are just one—via home manager) I thought it was the former but "just pulling a precompiled, dynamically linked binary and hoping it works" makes me think we're not on the same page since to me that has nothing to do with dotfiles. | | |
| ▲ | tfrancisl 6 hours ago | parent | next [-] | | I'm saying that I value the completeness (thoroughness may be a better word) as well as the reproducability and portability that nix ensures over convenience. I cant tell you the amount of times I've pulled a precompiled tool and it just doesnt work because of one quirk of their packaging or another. Also noting that I don't see the problem as "dotfile management" but as "system AND user configuration management" which extends beyond some plain text files in $HOME. ed.: and home manager is just one tool which provides not only dotfile management, but drvs for installing particular programs and configuring then in highly opinionated ways -- I do not use it | | |
| ▲ | bronson 5 hours ago | parent [-] | | > I can't tell you the amount of times I've pulled a precompiled tool and it just doesnt work because of one quirk of their packaging or another. This is a serious problem in Nix too. I often trip over buggy and abandoned Nix packages. Nix often makes it easy to roll back or work around them, but they're absolutely there. | | |
| ▲ | colordrops 4 hours ago | parent [-] | | They still build though. No one said anything about Nix being a solution to buggy software or bad maintainers, that's an absurd expectation. |
|
| |
| ▲ | drdexebtjl 4 hours ago | parent | prev [-] | | I don't think you're genuinely confused. Are you really in this thread to talk about dotfile managers, or are you here to criticize Nix, given that Nix directly competes with your company's only product? | | |
| ▲ | jdxcode 4 hours ago | parent [-] | | Considering nothing in that reply criticized nix you’re certainly wrong. I don’t hesitate to share my opinions on nix anytime (just like nix users themselves) so I’d have no reason to be coy about my criticism. tfrancisl was polite (even though I arguably wasn’t in the beginning) so I felt it important to return the favor. |
|
|
| |
| ▲ | colordrops 5 hours ago | parent | prev [-] | | "real" meaning truly reproducible and not brittle. |
| |
| ▲ | arikrahman 3 hours ago | parent | prev | next [-] | | A agree, Nix is very doable. With Deepseek or other cheaper models, you could get a whole headache-free setup done in one weekend for a few cents on the dollar. | |
| ▲ | jorvi 6 hours ago | parent | prev | next [-] | | Nix's complexity isn't with itself, its if you try to step one bit off the beaten path where it immediately starts to grate. | | |
| ▲ | colordrops 5 hours ago | parent [-] | | That problem is overstated. I've been dozens of custom packages and modules and it's not that much more complex that basic Nix config, and in fact is a huge positive, not negative. How easy can you write config that packages a binary and/or sets up a new service reproducibly? I'd much rather do that on Nix than Ubuntu or Arch for sure. | | |
| ▲ | jolmg 13 minutes ago | parent [-] | | If you modify a base package, like maybe to apply some minor patch on a systemd executable as an example, is there a way to avoid having to recompile basically all installed packages (for being at least indirect dependencies)? |
|
| |
| ▲ | NamlchakKhandro an hour ago | parent | prev [-] | | Nix doesn't work on windows. It's also a massive pain the ass to work with |
|
|
| ▲ | reinitctxoffset 6 hours ago | parent | prev [-] |
| I'm pretty committed to the `nix` ecosystem (I rewrote `nix` from scratch to unbreak it: https://gist.github.com/b7r6/90107d8e8ebe81fb0577b9c033b6ab0..., so, pretty committed), but I can't endorse it in it's current form after learning how the sausage is made and enough math to know why it's not just buggy but conceptually unsalvagable with the current `nixpkgs` and the current purity dogma. And `home-manager` is maybe the most glaring instance of a tool that is demonstrably ill-posed where the "you're holding it wrong" from the community is a the community problem, not anyone holding anything wrong. From the Zed editor configuration stanza in `home-manager`: https://github.com/nix-community/home-manager/blob/a78606767.... That's not a Zed problem, that's a Nix problem. No one is holding it wrong, XDG config paths get mutated. Another example and this is the one that really shows the shape of the thing: https://github.com/nixified-ai/flake/blob/bbd3a04fa1ae294096.... There is absolutely nothing "impure" about taking content-addressed bytes from a CAS (Xet in this instance) and surfacing them as a derivation. The "impurity" is called a "coeffect" and the action over the coeffect is called "grade discharge". This is thoroughly studied and works properly, it can cope with all of these cases and it's creates scope for dramatically more reproducible systems that are much easier to reason about (they are possible to reason about). Also, if you can't download shit from HuggingFace in 2026 without a weird hack where the name of the field is a scolding? That's gonna be putting downward pressure on adoption. And most of the high-friction shit in Nix is like this, ignorance hardened into dogma hardened into theology. To wit: - FHS vs. zany one-of-a-kind filesystems are nothing to do with purity or hermeticity or reproducibility, it's pure theology and the constant breakage with all the `patchFail` jank is at this point a jobs program, it's totally unnecessary. Namespaces/unshare, we have all the stuff to do this properly (`patchelf` and `unshare --bind-mount` are mathematically dual but only one blows content addressing). - `drv` hash addressing is a reproducibility war crime. Floating CA is fine it's just broken upstream and in Determinate, it's not a valid ideological debate, it's bugs. - there is absolutely no reason why the builder where a binary is produced needs to have the same filesystem layout or find libraries in the same place as the resulting artifact runs in any more than an adult needs to live in the same house they grew up in. `patchelf` works. - having `libcuda.so.1` and friends at `/run/opengl-driver/lib` is dark comedy and source builds of `NCCL` when NVIDIA-certified binaries are in a wheel (zip file) on PyPI is the sequel. this is straight up bad for the planet and we should feel bad we haven't fixed it. I could go on, but the main point for this thread is to the people who are on the fence about Nix: you're not holding it wrong the `nixpkgs` maintainers are holding it wrong, and more and more of us are getting serious about fixing it. Don't give up on declarative and reproducible systems that you can reason about because Nix is stuck in a weird place as software and as a community. There are reformers on the case. |
| |
| ▲ | tfrancisl 6 hours ago | parent | next [-] | | What a snakepit of a comment! I know there are tensions within nix but this feels like a classic case of Chestertons fence at a big scale. | | |
| ▲ | charcircuit 5 hours ago | parent | next [-] | | These things really do not have an actual reason. Take for example the Nic people who go to every project with a bash script that uses #!/bin/bash and tells them to use #!/usr/bin/env bash. There is no justification for trying to fix every bash script in existence over the operating system being able to resolve what the "current" bash version should be (/usr/bin/env already has to pick a version). This is pointless O(n) busy work Nix people have created for themselves when an O(1) solution exists. | |
| ▲ | reinitctxoffset 6 hours ago | parent | prev [-] | | [dead] |
| |
| ▲ | arianvanp 3 hours ago | parent | prev | next [-] | | Your second example i dont understand what you're getting at. This is just a mechanism for the builder to inject credentials during fetch time. The derivation is still content addressed (it's a fixed output derivation). The derivation isn't even marked as impure or whatever. There is just an environment variable that gets injected by the builder into the build env so you can authenticate. This is required to talk to hugging face What are you on about? Or do you mean that the cas address of HF should directly be addreessable in nix itself? | | |
| ▲ | reinitctxoffset 2 hours ago | parent [-] | | I understand in considerable detail what's happening here, having written a conforming implementation of `nix` myself. Silently smuggling environment variables into a builder means the build is not reproducible, nor is it possible to know a-priori whether the build is reproducible. Nix reverts to the same level of guarantee you get from Ubuntu or whatever without the convenience of Ubuntu: Docker is dramatically more principled! The galaxy brain people who do real mathematics of whom I am merely a humble fan worked this one out. The credential is a "coffect", which is a generalization of this sort of thing that is tracked ("graded") and accounted for ("discharged"), a process that allows you to reason about your system (to for example know that a massive build is going to be useless before you do it since you don't have the credential for the model you were trying to run with the thing you built). Punching random holes in Nix is worse than just disabling the sandbox or whatever other BDSM thing, because if you aren't going to get correct you might as well get easy. Why put up with Nix's bullshit if it's still going to be less correct than Docker anyways? Most people agree (c.f. Docker as opposed to Nix winning too hard in the market). My approach is different: unfuck Nix. |
| |
| ▲ | drdexebtjl 5 hours ago | parent | prev | next [-] | | Worse is better. | | | |
| ▲ | marshray 5 hours ago | parent | prev [-] | | Mommy, the Nix Reformationist is scaring me |
|
